©2019 Information Security Forum Limited
How to Build a Successful Cyber Security Program 1
Mark Chaplin
Information Security Forum
Agenda
1. About the Information Security Forum
2. Context – Business operations
3. Drivers for cyber security
4. Cyber threat landscape
5. Cyber security challenges
6. The role of cyber risk management
7. Cyber security programme – Key ingredients
8. Building a cyber security programme
9. Remaining business and risk focused
10. Getting started – 5 takeaways
About the Information Security Forum (ISF)
The leading global authority on cyber security and information risk management
We are an international association of over 480 leading global organisations (Fortune 500/Forbes 2000), which...
• addresses key issues in information risk management through research and collaboration
• develops practical tools and guidance
• remains a fully independent, not-for-profit organisation driven by its Members
• promotes networking within its Membership.
Our Members include over 99 international banks and financial institutions
ISF services help business leaders and information security
practitioners to address business issues across the enterprise
What are the issues faced by:
• Board Members
• Chief Information Security Officers
• Information Security Managers
• Business Managers
• IT Managers and Technical Staff
• Internal and External Auditors
• IT Service Providers
• Procurement and Vendor Management Teams
• Understanding cyber risk as a key component of the business strategy
• Mounting volumes of critical and sensitive information
• Increasing economic, legal and regulatory pressures
• Greater focus on privacy and data protection
• Increased dependency on the supply chain
• Need to be agile and competitive
• Changing culture of end users
• Increased use of diverse technology
• Business impact of incidents
• Emerging and changing threats
• Globalisation and cyber security
Context – Business operations
• Strategy
• Commerce
• Products and services
• Supply chain
• Workforce
• Location and premises
• Power and telecommunications
Drivers – Board expectations
1. Preparedness for a crisis
2. Situational awareness
3. Basic cyber protection measures
4. Resilience
5. Proven and effective risk management
6. Good practice in security governance
7. Assurance
Drivers - Information and technology
Technology
• Legacy to emerging
• Information technology to operational technology
• Cloud / Virtualisation
• Artificial intelligence / Quantum computing
• Blockchain / Internet of Things
Every second
• 4,193 Skype calls
• 81GB of Internet traffic
• 78,000 Google searches
• 81,000 YouTube videos viewed
• 2,851,735 emails sent
Source: https://www.internetlivestats.com
Drivers - Information and technology
Sources: The Wall Street Journal, The Guardian Weekly, China Daily, The Straits Times, UCL European Institute, The Washington Post
Cyber threat landscape
(Timeline of data breaches, 2009 to 2019)
Source: www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
World’s Biggest Data Breaches & Hacks
InformationIsBeautiful.net using data from Identity Theft Resource Center and DataBreaches.net
Cyber threat landscape
Sources: New York Times, Wired Magazine, Reuters, Foreignpolicy.com, BBC, The Independent, The Telegraph, The Washington Post, The Huffington Post, The Guardian Nigeria, Arab News, Energy Voice
Profit-driven attacks
Sources: FT, BBC, Wired Magazine, Forbes Magazine, Reuters, ICO, Identity Theft Resource Center, Privacy Rights Clearinghouse and Hackmageddon.com
Major financially-motivated breaches
Source: Privacy Rights Clearinghouse Data Breaches
Tangible loss from cyber attacks
Sources: FT, BBC, Wired Magazine, Forbes Magazine, Reuters, ICO, Identity Theft Resource Center, Privacy Rights Clearinghouse and Hackmageddon.com
Cyber security challenges
• Poor terminology
• Insufficient quality/validated risk data
• Focus on assessment, not management
• Lack of integration with business risk management
• Inadequate tooling
• Difficulties interpreting data, communicating risk and making key business decisions
• Measurement of the wrong data points
• Limited to no assurance of risk management
The role of cyber risk management
What cyber risk management is for:
• Reduce uncertainty
• Quantify risk in terms of clear probability and magnitude
• Inform decision making
• Prioritise actions
• Improve/direct spending
• Manage expectations
• Prevent bad things from happening
What it is not for:
• Achieve perfect (100%) security
• Reduce loss to zero
• Demonstrate compliance
• Support a subjective need
• Make people feel comfortable
• Identify scapegoats
Cyber risk management objectives
1. Reduce the frequency of successful cyber threat events
2. Reduce the financial loss of cyber loss events
Cyber security programme – Key ingredients
• Governance
• Management
• Methodology
• Architecture / Control framework
• Tooling
• Measurement and analysis
• Visualisation / Communication
• Decision support and action
• Assurance and improvement
• Supply chain
• Resilience
• Asset management
• Business process mapping
• Event management and metrics
• Threat and vulnerability management
• Audit/assessments
• Incident management
Benefits of applying a business and risk-based approach
1. More consistent use of risk management language with key decision-makers
2. Greater understanding of the threat landscape and corresponding losses
3. Justified confidence in the adequacy of the methodology
4. Effective use of risk appetite (aversion / tolerance)
5. Integration with broader risk management disciplines and practices
6. Continuous evaluation and improvement
7. Target spending, reduce exposure and minimise waste
8. Improve decision-making with cost-benefit analysis
9. Reduce subjectivity and increase objectivity
10. Accurately measure, aggregate and quantify cyber risk
Remaining business and risk focused
(Diagram: the CEO and Leadership Team and the CISO and Security Function compared across Objectives, Approach, Purpose, People, Activity, Communication and Measurement)
Getting started – 5 take-aways
1. Test and update cyber incident / crisis management capabilities
2. Improve basic cyber protection
3. Establish cyber situational awareness
4. Focus on reducing the frequency of adverse cyber events and the subsequent financial loss, when they occur
5. Provide continuous assurance of cyber risk mitigation
ISO/IEC 27032 Training Courses
• ISO/IEC 27032 Introduction (1 Day Course)
• ISO/IEC 27032 Foundation (2 Days Course)
• ISO/IEC 27032 Lead Cybersecurity Manager (5 Days Course)
Exam and certification fees are included in the training price.
www.pecb.com/en/education-and-certification-for-individuals/iso-iec-27032
www.pecb.com/events
THANK YOU
mark.chaplin@securityforum.org linkedin.com/in/markchaplin

More Related Content

What's hot

Ethical Hacking vs Penetration Testing vs Cybersecurity: Know the Difference?
Ethical Hacking vs Penetration Testing vs Cybersecurity: Know the Difference?Ethical Hacking vs Penetration Testing vs Cybersecurity: Know the Difference?
Ethical Hacking vs Penetration Testing vs Cybersecurity: Know the Difference?
PECB
 
Top Cyber Threat Predictions for 2019
Top Cyber Threat Predictions for 2019Top Cyber Threat Predictions for 2019
Top Cyber Threat Predictions for 2019
PECB
 
ICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security GovernanceICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security Governance
Charles Lim
 
Fortifying Cyber Defense: How to Act Now to Protect Global Supply Chains
Fortifying Cyber Defense: How to Act Now to Protect Global Supply ChainsFortifying Cyber Defense: How to Act Now to Protect Global Supply Chains
Fortifying Cyber Defense: How to Act Now to Protect Global Supply Chains
Ignyte Assurance Platform
 

What's hot (20)

Total Digital Security Introduction 4.2
Total Digital Security Introduction 4.2Total Digital Security Introduction 4.2
Total Digital Security Introduction 4.2
 
Cyber Crime Threat Landscape - A Focus on the Financial Industry
Cyber Crime Threat Landscape - A Focus on the Financial IndustryCyber Crime Threat Landscape - A Focus on the Financial Industry
Cyber Crime Threat Landscape - A Focus on the Financial Industry
 
Ethical Hacking vs Penetration Testing vs Cybersecurity: Know the Difference?
Ethical Hacking vs Penetration Testing vs Cybersecurity: Know the Difference?Ethical Hacking vs Penetration Testing vs Cybersecurity: Know the Difference?
Ethical Hacking vs Penetration Testing vs Cybersecurity: Know the Difference?
 
Cyber Security Strategies and Approaches
Cyber Security Strategies and ApproachesCyber Security Strategies and Approaches
Cyber Security Strategies and Approaches
 
Top Cyber Threat Predictions for 2019
Top Cyber Threat Predictions for 2019Top Cyber Threat Predictions for 2019
Top Cyber Threat Predictions for 2019
 
CSA Atlanta Q1'2016 Chapter Meeting
CSA Atlanta Q1'2016 Chapter MeetingCSA Atlanta Q1'2016 Chapter Meeting
CSA Atlanta Q1'2016 Chapter Meeting
 
ICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security GovernanceICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security Governance
 
Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016
 
Why Executives Underinvest In Cybersecurity
Why Executives Underinvest In CybersecurityWhy Executives Underinvest In Cybersecurity
Why Executives Underinvest In Cybersecurity
 
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
 
Cybersecurity Risks for Businesses
Cybersecurity Risks for BusinessesCybersecurity Risks for Businesses
Cybersecurity Risks for Businesses
 
MCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationMCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service Presentation
 
Threat Intelligence Market
Threat Intelligence MarketThreat Intelligence Market
Threat Intelligence Market
 
Fortifying Cyber Defense: How to Act Now to Protect Global Supply Chains
Fortifying Cyber Defense: How to Act Now to Protect Global Supply ChainsFortifying Cyber Defense: How to Act Now to Protect Global Supply Chains
Fortifying Cyber Defense: How to Act Now to Protect Global Supply Chains
 
Implementing a Security Management Framework
Implementing a Security Management FrameworkImplementing a Security Management Framework
Implementing a Security Management Framework
 
Security Transformation Services
Security Transformation ServicesSecurity Transformation Services
Security Transformation Services
 
"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategy"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategy
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cyber Resilience
Cyber ResilienceCyber Resilience
Cyber Resilience
 
Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.
 

Similar to How to Build a Successful Cybersecurity Program?

Meeting the cyber risk challenge
Meeting the cyber risk challengeMeeting the cyber risk challenge
Meeting the cyber risk challenge
FERMA
 
Is cyber security now too hard for enterprises?
Is cyber security now too hard for enterprises? Is cyber security now too hard for enterprises?
Is cyber security now too hard for enterprises?
Pierre Audoin Consultants
 
Qatar's NIA Policy Program
Qatar's NIA Policy ProgramQatar's NIA Policy Program
Qatar's NIA Policy Program
Samir Pawaskar
 

Similar to How to Build a Successful Cybersecurity Program? (20)

Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
 
Approaches to Cyber Resilience and Supply Chain Assurance
Approaches to Cyber Resilience and Supply Chain AssuranceApproaches to Cyber Resilience and Supply Chain Assurance
Approaches to Cyber Resilience and Supply Chain Assurance
 
Investing in Digital Threat Intelligence Management to Protect Your Assets ou...
Investing in Digital Threat Intelligence Management to Protect Your Assets ou...Investing in Digital Threat Intelligence Management to Protect Your Assets ou...
Investing in Digital Threat Intelligence Management to Protect Your Assets ou...
 
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
 
New technologies - Amer Haza'a
New technologies - Amer Haza'aNew technologies - Amer Haza'a
New technologies - Amer Haza'a
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber Resilience
 
Digital trust and cyber challenge now extends beyond the Enterprise
Digital trust and cyber challenge now extends beyond the Enterprise Digital trust and cyber challenge now extends beyond the Enterprise
Digital trust and cyber challenge now extends beyond the Enterprise
 
Meeting the cyber risk challenge
Meeting the cyber risk challengeMeeting the cyber risk challenge
Meeting the cyber risk challenge
 
Introduction to RESILIA and Cyber Resilience
Introduction to RESILIA and Cyber ResilienceIntroduction to RESILIA and Cyber Resilience
Introduction to RESILIA and Cyber Resilience
 
A holistic approach to risk management 20210210 w acfe france & cyber rea...
A holistic approach to risk management 20210210 w acfe france & cyber rea...A holistic approach to risk management 20210210 w acfe france & cyber rea...
A holistic approach to risk management 20210210 w acfe france & cyber rea...
 
Cyber risk tips for boards and executive teams
Cyber risk tips for boards and executive teamsCyber risk tips for boards and executive teams
Cyber risk tips for boards and executive teams
 
wkshp26mar19_presentation.pdf
wkshp26mar19_presentation.pdfwkshp26mar19_presentation.pdf
wkshp26mar19_presentation.pdf
 
Accenture Security CG&S Cyber Resilience
Accenture Security CG&S Cyber ResilienceAccenture Security CG&S Cyber Resilience
Accenture Security CG&S Cyber Resilience
 
Accenture Security CG&S Cyber Resilience
Accenture Security CG&S Cyber ResilienceAccenture Security CG&S Cyber Resilience
Accenture Security CG&S Cyber Resilience
 
Is cyber security now too hard for enterprises?
Is cyber security now too hard for enterprises? Is cyber security now too hard for enterprises?
Is cyber security now too hard for enterprises?
 
How to Centre your PCI Programme Around your Business Objective - SureCloud
How to Centre your PCI Programme Around your Business Objective - SureCloud How to Centre your PCI Programme Around your Business Objective - SureCloud
How to Centre your PCI Programme Around your Business Objective - SureCloud
 
Top 5 Cybersecurity Trends in 2021 and Beyond
Top 5 Cybersecurity Trends in 2021 and BeyondTop 5 Cybersecurity Trends in 2021 and Beyond
Top 5 Cybersecurity Trends in 2021 and Beyond
 
10 Security Essentials Every CxO Should Know
10 Security Essentials Every CxO Should Know10 Security Essentials Every CxO Should Know
10 Security Essentials Every CxO Should Know
 
Standards in Third Party Risk - DVV Solutions ISACA North May 19
Standards in Third Party Risk - DVV Solutions ISACA North May 19 Standards in Third Party Risk - DVV Solutions ISACA North May 19
Standards in Third Party Risk - DVV Solutions ISACA North May 19
 
Qatar's NIA Policy Program
Qatar's NIA Policy ProgramQatar's NIA Policy Program
Qatar's NIA Policy Program
 

More from PECB

Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
PECB
 
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of CybersecurityDORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
PECB
 
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI GovernanceSecuring the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
PECB
 
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
PECB
 
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
PECB
 
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks EffectivelyISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
PECB
 
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
PECB
 
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital TransformationISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
PECB
 
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulationsManaging ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
PECB
 
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
PECB
 
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
PECB
 
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
PECB
 
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
PECB
 
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
PECB
 
IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?
PECB
 
Student Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptxStudent Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptx
PECB
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
PECB
 

More from PECB (20)

Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of CybersecurityDORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
 
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI GovernanceSecuring the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
 
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
 
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
 
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks EffectivelyISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
 
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
 
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital TransformationISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
 
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulationsManaging ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
 
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
 
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
 
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
 
Student Information Session University KTMC
Student Information Session University KTMC Student Information Session University KTMC
Student Information Session University KTMC
 
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
 
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
 
Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA
 
IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?
 
Information Session University Egybyte.pptx
Information Session University Egybyte.pptxInformation Session University Egybyte.pptx
Information Session University Egybyte.pptx
 
Student Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptxStudent Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptx
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
 

Recently uploaded

Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
ciinovamais
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
negromaestrong
 

Recently uploaded (20)

Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
PROCESS RECORDING FORMAT.docx
PROCESS      RECORDING        FORMAT.docxPROCESS      RECORDING        FORMAT.docx
PROCESS RECORDING FORMAT.docx
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
How to Build a Successful Cybersecurity Program?

  • 1. ©2019 Information Security Forum Limited How to Build a Successful Cyber Security Program 1 Mark Chaplin Information Security Forum
  • 2. Agenda
    1. About the Information Security Forum
    2. Context – Business operations
    3. Drivers for cyber security
    4. Cyber threat landscape
    5. Cyber security challenges
    6. The role of cyber risk management
    7. Cyber security programme – Key ingredients
    8. Building a cyber security programme
    9. Remaining business and risk focused
    10. Getting started – 5 takeaways
  • 3. About the Information Security Forum (ISF)
    We are an international association of over 480 leading global organisations (Fortune 500/Forbes 2000), which...
    • addresses key issues in information risk management through research and collaboration
    • develops practical tools and guidance
    • remains a fully independent, not-for-profit organisation driven by its Members
    • promotes networking within its Membership.
    Our Members include over 99 international banks and financial institutions
    THE LEADING GLOBAL AUTHORITY ON CYBER SECURITY AND INFORMATION RISK MANAGEMENT
  • 4. ISF services help business leaders and information security practitioners to address business issues across the enterprise
    What are the issues faced by:
    • Board Members
    • Chief Information Security Officers
    • Information Security Managers
    • Business Managers
    • IT Managers and Technical Staff
    • Internal and External Auditors
    • IT Service Providers
    • Procurement and Vendor Management Teams
    The issues:
    • Understanding cyber risk as a key component of the business strategy
    • Mounting volumes of critical and sensitive information
    • Increasing economic, legal and regulatory pressures
    • Greater focus on privacy and data protection
    • Increased dependency on the supply chain
    • Need to be agile and competitive
    • Changing culture of end users
    • Increased use of diverse technology
    • Business impact of incidents
    • Emerging and changing threats
    • Globalisation and cyber security
  • 5. Context – Business operations
    • Strategy
    • Commerce
    • Products and services
    • Supply chain
    • Workforce
    • Location and premises
    • Power and telecommunications
  • 6. Drivers – Board expectations
    1. Preparedness for a crisis
    2. Situational awareness
    3. Basic cyber protection measures
    4. Resilience
    5. Proven and effective risk management
    6. Good practice in security governance
    7. Assurance
  • 7. (no slide text)
  • 8. Drivers – Information and technology
    Technology
    • Legacy to emerging
    • Information technology to operational technology
    • Cloud / Virtualisation
    • Artificial intelligence / Quantum computing
    • Blockchain / Internet of Things
    Every second
    • 4,193 Skype calls
    • 81GB of Internet traffic
    • 78,000 Google searches
    • 81,000 YouTube videos viewed
    • 2,851,735 emails sent
    Source: https://www.internetlivestats.com
  • 9. Drivers – Information and technology
    Sources: The Wall Street Journal, The Guardian Weekly, China Daily, The Straits Times, UCL European Institute, The Washington Post
  • 10. Cyber threat landscape
    www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
    2009 – 2019
  • 11. World’s Biggest Data Breaches & Hacks
    Source: InformationIsBeautiful.net using data from Identity Theft Resource Center and DataBreaches.net
  • 12. Cyber threat landscape
    Sources: New York Times, Wired Magazine, Reuters, Foreignpolicy.com, BBC, The Independent, The Telegraph, The Washington Post, The Huffington Post, The Guardian Nigeria, Arab News, Energy Voice
  • 13. Profit-driven attacks
    Sources: FT, BBC, Wired Magazine, Forbes Magazine, Reuters, ICO, Identity Theft Resource Center, Privacy Rights Clearinghouse and Hackmageddon.com
  • 14. Major financially-motivated breaches
    Source: Privacy Rights Clearinghouse Data Breaches
  • 15. Tangible loss from cyber attacks
    Sources: FT, BBC, Wired Magazine, Forbes Magazine, Reuters, ICO, Identity Theft Resource Center, Privacy Rights Clearinghouse and Hackmageddon.com
  • 16. Cyber security challenges
    • Poor terminology
    • Insufficient quality/validated risk data
    • Focus on assessment, not management
    • Lack of integration with business risk management
    • Inadequate tooling
    • Difficulties interpreting data, communicating risk and making key business decisions
    • Measurement of the wrong data points
    • Limited to no assurance of risk management
  • 17. The role of cyber risk management
    • Reduce uncertainty
    • Quantify risk in terms of clear probability and magnitude
    • Inform decision making
    • Prioritise actions
    • Improve/direct spending
    • Manage expectations
    • Prevent bad things from happening
    • Achieve perfect (100%) security
    • Reduce loss to zero
    • Demonstrate compliance
    • Support a subjective need
    • Make people feel comfortable
    • Identify scapegoats
  • 18. Cyber risk management objectives
    1. Reduce the frequency of successful cyber threat events
    2. Reduce the financial loss of cyber loss events
  • 19. Cyber security programme – Key ingredients
    • Governance
    • Management
    • Methodology
    • Architecture / Control framework
    • Tooling
    • Measurement and analysis
    • Visualisation / Communication
    • Decision support and action
    • Assurance and improvement
    • Supply chain
    • Resilience
    • Asset management
    • Business process mapping
    • Event management and metrics
    • Threat and vulnerability management
    • Audit/assessments
    • Incident management
  • 20. Benefits of applying a business and risk-based approach
    1. More consistent use of risk management language with key decision-makers
    2. Greater understanding of the threat landscape and corresponding losses
    3. Justified confidence in the adequacy of the methodology
    4. Effective use of risk appetite (aversion / tolerance)
    5. Integration with broader risk management disciplines and practices
    6. Continuous evaluation and improvement
    7. Target spending, reduce exposure and minimise waste
    8. Improve decision-making with cost-benefit analysis
    9. Reduce subjectivity and increase objectivity
    10. Accurately measure, aggregate and quantify cyber risk
  • 21. Remaining business and risk focused
    [Figure: dimensions Objectives, Approach, Purpose, People, Activity, Communication, Measurement; groups CEO and Leadership Team, CISO and Security Function]
  • 22. Getting started – 5 take-aways
    1. Test and update cyber incident / crisis management capabilities
    2. Improve basic cyber protection
    3. Establish cyber situational awareness
    4. Focus on reducing the frequency of adverse cyber events and the subsequent financial loss when they occur
    5. Provide continuous assurance of cyber risk mitigation
  • 23. (no slide text)
  • 24. ISO/IEC 27032 Training Courses
    • ISO/IEC 27032 Introduction – 1 Day Course
    • ISO/IEC 27032 Foundation – 2 Days Course
    • ISO/IEC 27032 Lead Cybersecurity Manager – 5 Days Course
    Exam and certification fees are included in the training price.
    www.pecb.com/en/education-and-certification-for-individuals/iso-iec-27032
    www.pecb.com/events
